WSO2 ASCarbon uses several keystores to power the HTTPS servlet transport and to encrypt other confidential information such as administrator passwords. The keystores used to encrypt administrator passwords and other confidential information in Carbon is configured in the <PRODUCT_HOME>/repository/conf/carbon.xml
file (under the <security
> element). Two keystore elements can be used to configure keystones in the The carbon.xml
file : Primary keystore (Keystore
) and Registry Keystore (RegistryKeystore
).
...
in the <PRODUCT_HOME>/repository/
...
conf
directory of your product contains the configurations for the primary keystore and the registry keystore.
Note |
---|
Note that when keystones keystores are configured, two keystore passwords are specified in the relevant carbon.xml file:
|
Table of Contents | ||||
---|---|---|---|---|
|
Primary Keystore
The KeyStore
element configured in the carbon.xml
file can be considered as the default Carbon keystore configuration. This is used for the primary keystore, which The primary keystore mainly stores the keys certifying SSL connections to Carbon servers , and the keys for encrypting administrator passwords as well as other confidential information. The keystore configuration in the The Keystore
element in the carbon.xml file is used to configure the primary keystore as given below. Note that in this example, we are using the default key store keystore in the your product pack (wso2carbon.jks) is used as the primary keystore.
Code Block |
---|
<KeyStore> <Location>${carbon.home}/resources/security/wso2carbon.jks</Location> <Type>JKS</Type> <Password>wso2carbon</Password> <KeyAlias>wso2carbon</KeyAlias> <KeyPassword>wso2carbon</KeyPassword> </KeyStore> |
...
RegistryKeyStore
is a separate keystore element configurable in the carbon.xml
file. This configuration applies for the keystore which stores the keys that certify encrypting/decrypting meta data to the registry. Therefore, using this RegistryKeystore
element the registry keystore in addition to the Keystore
element in the primary keystore in the carbon.xml
file allows you to maintain a separate keystore for the purpose of encrypting/decrypting meta data to the registry. The registry keystore configuration which needs to be added in the carbon.xml
file is as given belowbellow. Note that in this example, we are referring to the default keystore in the product pack (wso2carbon.jks) as the registry keystore.
Code Block |
---|
<RegistryKeyStore> <!-- Keystore file location--> <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location> <!-- Keystore type (JKS/PKCS12 etc.)--> <Type>JKS</Type> <!-- Keystore password--> <Password>wso2carbon</Password> <!-- Private Key alias--> <KeyAlias>wso2carbon</KeyAlias> <!-- Private Key password--> <KeyPassword>wso2carbon</KeyPassword> </RegistryKeyStore> |
Keystore of the HTTPS transport
The keystore of the HTTPS transport is configured in the axis2.xml
file under the HTTPS transport receiver and HTTPS transport sender configurations.
Code Block |
---|
<parameter name="keystore" locked="false">
<KeyStore>
<Location>resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
</TrustStore>
</parameter>
|
...